We are seeking a highly experienced Information Security Expert with strong technical expertise and solid background in Governance, Risk & Compliance (GRC). The role is primarily hands-on, supporting security architecture, risk management, and security operations across enterprise environments.

Key Responsibilities

Technical Security

• Design and review secure architectures (network, cloud, applications) using defense-in-depth and zero-trust principles
• Perform vulnerability assessments, support penetration testing, and drive remediation
• Review and validate security configurations across infrastructure, endpoints, and cloud platforms
• Provide technical guidance on security tools (SIEM, EDR, firewalls, etc.)
• Stay updated on emerging threats and recommend improvements

Risk Management & GRC

• Conduct enterprise-wide security risk assessments and maintain risk register
• Develop and track risk mitigation plans aligned with business priorities
• Ensure compliance with frameworks such as ISO 27001, NIST, CIS Controls
• Develop and review security policies, standards, and procedures
• Support audits, compliance reviews, and third-party/vendor risk assessments

Security Operations Support

• Work closely with SOC for monitoring, detection, and incident response
• Support incident investigations, RCA, and remediation
• Optimize SIEM alerts and security monitoring rules
• Participate in DR drills and security readiness exercises

Required Qualifications

• Bachelor’s degree in IT / Computer Science / Information Security
• 8+ years of experience in Information Security (technical experience preferred)
• Mandatory experience in GRC, governance, compliance, and policy frameworks
• Strong knowledge of ISO 27001, NIST, CIS Controls
• Hands-on experience with security tools, vulnerability management, and security operations
• Certifications such as CISSP, CISM, CEH, ISO 27001 LI/LA preferred
• Cloud security exposure (AWS / Azure / GCP) is a plus